diff --git a/modules/distribution/src/core/conf/security/Owasp.CsrfGuard.Carbon.properties b/modules/distribution/src/core/conf/security/Owasp.CsrfGuard.Carbon.properties
index 345a112a..78c42b0b 100644
--- a/modules/distribution/src/core/conf/security/Owasp.CsrfGuard.Carbon.properties
+++ b/modules/distribution/src/core/conf/security/Owasp.CsrfGuard.Carbon.properties
@@ -469,16 +469,15 @@ org.owasp.csrfguard.unprotected.publisherAcs=%servletContext%/publisher/acs
 org.owasp.csrfguard.unprotected.publisherApi=%servletContext%/publisher/api
 org.owasp.csrfguard.unprotected.storeAcs=%servletContext%/store/acs
 org.owasp.csrfguard.unprotected.apiStoreAcs=%servletContext%/api-store/acs
-org.owasp.csrfguard.unprotected.apiStoreApis=%servletContext%/api-store/apis
+org.owasp.csrfguard.unprotected.apiStoreApis=%servletContext%/api-store/apis/*
 org.owasp.csrfguard.unprotected.portalAcs=%servletContext%/portal/acs
 org.owasp.csrfguard.unprotected.portalApis=%servletContext%/portal/apis/*
 org.owasp.csrfguard.unprotected.socialAcs=%servletContext%/social/acs
-org.owasp.csrfguard.unprotected.socialApis=%servletContext%/social/apis
+org.owasp.csrfguard.unprotected.socialApis=%servletContext%/social/apis/*
 org.owasp.csrfguard.unprotected.appStoreDevices=%servletContext%/store/apps/devices/*
 org.owasp.csrfguard.unprotected.appStoreApis=%servletContext%/store/apis/*
 org.owasp.csrfguard.unprotected.appPortalClient=%servletContext%/portal/apis/*
 
- 
 #carbon
 org.owasp.csrfguard.unprotected.Services=%servletContext%/services/*